Limits on the security of coin flips when half the processors are faulty
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Optimistic protocols for fair exchange
Proceedings of the 4th ACM conference on Computer and communications security
Simplified VSS and fast-track multiparty computations with applications to threshold cryptography
PODC '98 Proceedings of the seventeenth annual ACM symposium on Principles of distributed computing
Efficient verifiable encryption (and fair exchange) of digital signatures
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
ACM Transactions on Computer Systems (TOCS)
Optimistic Fair Secure Computation
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Simple and fast optimistic protocols for fair electronic exchange
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Information sharing across private databases
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Secure set intersection cardinality with application to association rule mining
Journal of Computer Security
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Efficient Robust Private Set Intersection
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Private Intersection of Certified Sets
Financial Cryptography and Data Security
A secure and optimally efficient multi-authority election scheme
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Optimistic fair exchange in a multi-user setting
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Fair secure two-party computation
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Privacy-preserving set operations
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Practical private set intersection protocols with linear complexity
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Efficient set operations in the presence of malicious adversaries
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
A framework for practical universally composable zero-knowledge protocols
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A fair protocol for signing contracts
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.